Free Republic

Apple releases Security Update for OS X versions 10.3.9 and 10.4.9
Apple Inc | 04/19/2007

Posted on 04/19/2007 6:18:43 PM PDT by Swordmaker

About Security Update 2007-004

This document describes Security Update 2007-004, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.

For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."

Where possible, CVE IDs are used to reference the vulnerabilities for further information.

To learn about other Security Updates, see "Apple Security Updates."

Security Update 2007-004

  • AFP Client

    CVE-ID: CVE-2007-0729

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: A local user may obtain system privileges

    Description: Under certain circumstances, AFP Client may execute commands without properly cleaning the environment. This may allow a local user to create files or execute commands with system privileges. This update addresses the issue by cleaning the environment prior to executing commands.

  • AirPort

    CVE-ID: CVE-2007-0725

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: A local user may be able to execute arbitrary code with elevated privileges

    Description: A buffer overflow vulnerability exists in the AirPortDriver module which processes control commands for AirPort. By sending malformed control commands, a local user could trigger the overflow which may lead to arbitrary code execution with elevated privileges. This issue affects eMac, iBook, iMac, PowerBook G3, PowerBook G4, and Power Mac G4 systems equipped with an original AirPort card. This issue does not affect systems with the AirPort Extreme card. This update addresses the issue by performing proper bounds checking.

  • CarbonCore

    CVE-ID: CVE-2007-0732

    Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: A local user may be able to execute arbitrary code with elevated privileges

    Description: The CoreServices daemon could allow a local user to obtain a send right to its Mach task port, which may lead to arbitrary code execution with elevated privileges. This update addresses the issue through improved checks in the CoreServices interprocess communication. This issue does not affect systems prior to Mac OS X v10.4.

  • diskdev_cmds

    CVE-ID: CVE-2007-0734

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: Opening a maliciously-crafted UFS disk image may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption vulnerability exists in fsck. It is possible to cause fsck to be run automatically on a disk image when it is opened. By enticing a user to open a maliciously-crafted disk image, or to run fsck on any maliciously-crafted UFS filesystem, an attacker could trigger the issue which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of UFS filesystems.

  • fetchmail

    CVE-ID: CVE-2006-5867

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: fetchmail may send passwords in plain text, even when configured to use TLS

    Description: fetchmail is updated to version 6.3.6 to fix a vulnerability that could allow authentication credentials to be sent in plain text, despite being configured to use TLS. This issue is described on the fetchmail web site at http://fetchmail.berlios.de/fetchmail-SA-2006-02.txt

  • ftpd

    CVE-ID: CVE-2006-6652

    Available for: Mac OS X v10.3.9, Mac OS X v10.4.9

    Impact: FTP operations by authenticated FTP users may lead to arbitrary code execution

    Description: lukemftpd has been updated to version tnftpd 20061217 to address a buffer overflow vulnerability in the handling of commands with globbing characters that could lead to arbitrary code execution. This issue does not affect Mac OS X Server v10.3.9 or Mac OS X Server v10.4.9. Credit to Kevin Finisterre of DigitalMunition for reporting this issue.

  • GNU Tar

    CVE-ID: CVE-2006-0300

    Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: Listing or extracting a maliciously-crafted tar archive may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow vulnerability exists in the handling of PAX extended headers in GNU tar archives. By enticing a local user to list or extract a maliciously-crafted tar archive, an attacker can trigger the overflow which may lead to an unexpected application termination or arbitrary code execution. This issue has been addressed by performing additional validation of tar files. This issue does not affect systems prior to Mac OS X 10.4.

  • Help Viewer

    CVE-ID: CVE-2007-0646

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: Opening a help file with a maliciously-crafted name may lead to an unexpected application termination or arbitrary code execution

    Description: A format string vulnerability exists in the Help Viewer application. By enticing a user to download and open a help file with a maliciously-crafted name, an attacker can trigger the vulnerability which may lead to an unexpected application termination or arbitrary code execution. This has been described on the Month of Apple Bugs web site (MOAB-30-01-2007). This update addresses the issue by eliminating any format string processing of file names.

  • HID Family

    CVE-ID: CVE-2007-0724

    Available for: Mac OS X v10.4 through Mac OS X v10.4.9, Mac OS X Server v10.4 through Mac OS X Server v10.4.9

    Impact: Console keyboard events are exposed to other users on the local system

    Description: Insufficient controls in the IOKit HID interface allow any logged in user to capture console keystrokes, including passwords and other sensitive information. This update addresses the issue by limiting HID device events to processes belonging to the current console user. Credit to Andrew Garber of University of Victoria, Alex Harper, and Michael Evans for reporting this issue. This fix was originally distributed via the Mac OS X v10.4.9 update. However, due to a packaging issue it may not have been delivered to all systems. This update redistributes this fix in order to reach all affected systems.

  • Installer

    CVE-ID: CVE-2007-0465

    Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: Opening an installer package with a maliciously-crafted name may lead to an unexpected application termination or arbitrary code execution

    Description: A format string vulnerability exists in the Installer application. By enticing a user to download and install an installer package with a maliciously-crafted file name, an attacker can trigger the vulnerability which may lead to an unexpected application termination or arbitrary code execution. This issue has been described on the Month of Apple Bugs web site (MOAB-26-01-2007). This update addresses the issue by eliminating any format string processing of file names. This issue does not affect systems prior to Mac OS X v10.4.

  • Kerberos

    CVE-ID: CVE-2006-6143

    Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: Running the Kerberos administration daemon may lead to an unexpected application termination or arbitrary code execution with system privileges

    Description: An uninitialized function pointer vulnerability exists in the MIT Kerberos administration daemon (kadmind), which may lead to an unexpected application termination or arbitrary code execution with system privileges. Further information on the issue and the patch applied is available via the MIT Kerberos website at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2006-002-rpc.txt. This issue does not affect systems prior to Mac OS X v10.4. Credit to the MIT Kerberos Team and an anonymous researcher working with iDefense for reporting this issue.

  • Kerberos

    CVE-ID: CVE-2007-0957

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: Running the Kerberos administration daemon or the KDC may lead to an unexpected application termination or arbitrary code execution with system privileges

    Description: A stack buffer overflow vulnerability exists in the MIT Kerberos administration daemon (kadmind), as well as the KDC, which may lead to an unexpected application termination or arbitrary code execution with system privileges. Further information on the issue and the patch applied is available via the MIT Kerberos website at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-002-syslog.txt. Credit to the MIT Kerberos Team for reporting this issue.

  • Kerberos

    CVE-ID: CVE-2007-1216

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: Running the Kerberos administration daemon may lead to an unexpected application termination or arbitrary code execution with system privileges

    Description: A double-free vulnerability exists in the GSS-API library used by the MIT Kerberos administration daemon (kadmind), which may lead to an unexpected application termination or arbitrary code execution with system privileges. Further information on the issue and the patch applied is available via the MIT Kerberos website at http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2007-003.txt. Credit to the MIT Kerberos Team for reporting this issue.

  • Libinfo

    CVE-ID: CVE-2007-0735

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: Visiting malicious websites may lead to an unexpected application termination or arbitrary code execution

    Description: In some cases, Libinfo does not correctly report errors to applications that use it. By enticing a user to visit a maliciously-crafted web page, an attacker can cause a previously deallocated object to be accessed, which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing appropriate error reporting in Libinfo. Credit to Landon Fuller of Three Rings Design for reporting this issue.

  • Libinfo

    CVE-ID: CVE-2007-0736

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: Remote attackers may be able to cause a denial of service or arbitrary code execution if the portmap service is enabled

    Description: An integer overflow vulnerability exists in the RPC library. By sending maliciously-crafted requests to the portmap service, a remote attacker can trigger the overflow which may lead to a denial of service or arbitrary code execution as the 'daemon' user. This update addresses the issue by performing additional validation of portmap requests. Credit to the Mu Security Research Team for reporting this issue.

  • Login Window

    CVE-ID: CVE-2007-0737

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: A local user may obtain system privileges

    Description: Login Window does not sufficiently check its environment variables. This could allow a local user to execute arbitrary code with system privileges. This update addresses the issue through improved validation of Login Window environment variables.

  • Login Window

    CVE-ID: CVE-2007-0738

    Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: The screen saver authentication dialog may be bypassed

    Description: Under certain conditions, the user's preference to "require a password to wake the computer from sleep" is ignored, and a password is not required to wake from sleep. This update addresses the issue through improved handling of this preference.

  • Login Window

    CVE-ID: CVE-2007-0739

    Available for: Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: The loginwindow authentication dialog may be bypassed

    Description: Under certain conditions, the software update window may appear beneath the Login Window. This could allow a person with physical access to the system to log in without authentication. This update addresses the issue by only running scheduled tasks after the user login. This issue does not affect systems prior to Mac OS X v10.4.

  • network_cmds

    CVE-ID: CVE-2007-0741

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: Remote attackers may be able to cause a denial of service or arbitrary code execution if Internet Sharing is enabled

    Description: A buffer overflow vulnerability exists in the handling of RTSP packets in natd. By sending malformed RTSP packets, a remote attacker may be able to trigger the overflow which may lead to arbitrary code execution. This issue only affects users who have Internet Sharing enabled. This update addresses the issue by performing additional validation of RTSP packets.

  • SMB

    CVE-ID: CVE-2007-0744

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: A local user may obtain system privileges

    Description: Under certain circumstances, SMB may execute commands without properly cleaning the environment. This may allow a local user to create files or execute commands with system privileges. This update addresses the issue by cleaning the environment prior to executing commands.

  • System Configuration

    CVE-ID: CVE-2007-0022

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: Local admin users may execute arbitrary code with system privileges without authentication

    Description: Admin users have the ability to alter system preferences through the writeconfig utility. When the writeconfig utility launches the launchctl utility, it does not clean the environment inherited from the user. This could allow arbitrary code execution with system privileges without authentication. This issue has been described on the Month of Apple Bugs web site (MOAB-21-01-2007). This update addresses the issue by cleaning the environment before calling the launchctl utility.

  • URLMount

    CVE-ID: CVE-2007-0743

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: A local user may obtain other users' authentication credentials

    Description: The username and password used to mount remote filesystems through connections to SMB servers are passed to the mount_smb command as command line arguments, which may expose them to other local users. This update addresses the issue by securely passing the authentication credentials to the mount_smb command. Credit to Daniel Ball of Pittsburgh Technical Institute, Geoff Franks of Hauptman Woodward Medical Research Institute, and Jamie Cox of Sophos Plc for reporting this issue.

  • VideoConference

    CVE-ID: CVE-2007-0746

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: Remote attackers may be able to cause an unexpected application termination or arbitrary code execution if iChat is running.

    Description: A heap buffer overflow vulnerability exists in the VideoConference framework. By sending a maliciously-crafted SIP packet when initializing an audio/video conference, an attacker can trigger the overflow which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of SIP packets.

  • WebDAV

    CVE-ID: CVE-2007-0747

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.9, Mac OS X Server v10.4.9

    Impact: A local user may obtain system privileges

    Description: When mounting a WebDAV filesystem, the load_webdav program may be launched without properly cleaning the environment. This may allow a local user to create files or execute commands with system privileges. This update addresses the issue by cleaning the environment prior to executing commands.

  • WebFoundation

    CVE-ID: CVE-2007-0742

    Available for: Mac OS X v10.3.9, Mac OS X Server v10.3.9

    Impact: Cookies set by subdomains may be accessible to the parent domain

    Description: An implementation issue allows cookies set by subdomains to be accessible to the parent domain, which may lead to the disclosure of sensitive information. This update addresses the issue by performing additional validation of the domain to which a cookie is being sent. This issue does not affect systems running Mac OS X v10.4. Credit to Bradley Schwoerer of University of Wisconsin-Madison for reporting this issue.



TOPICS: Computers/Internet
Use the Software Update selection under the Apple menu to download and update your computer.
1 posted on 04/19/2007 6:18:47 PM PDT by Swordmaker
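
Four entries in the advisory above (AFP Client, SMB, WebDAV, and System Configuration's writeconfig launching launchctl) are fixed by "cleaning the environment" before a privileged program runs a command. The C code below is an added example of that mitigation, not Apple's code and not part of the original post; the function names, the allowlist, the fixed PATH value and the sample environment are assumptions made for illustration.

```c
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
/* Value the helper always gets, whatever the caller exported. */
static const char *const FIXED_ENV[] = { "PATH=/usr/bin:/bin:/usr/sbin:/sbin", NULL };
/* Variables copied from the caller if present and well-formed (assumed allowlist). */
static const char *const PASS_THROUGH[] = { "TERM", "LANG", NULL };

/* Accept only short values made of characters that cannot name a path. */
static int safe_value(const char *v) {
    size_t len = strlen(v);
    if (len == 0 || len > 64) return 0;
    for (; *v; v++)
        if (!isalnum((unsigned char)*v) && !strchr("_.@-", *v)) return 0;
    return 1;
}

/* Fill out[] (capacity cap) with a NULL-terminated clean environment.
 * Returns the entry count, or -1 if out[] is too small; nothing is allocated. */
int build_clean_env(char *const inherited[], const char *out[], size_t cap) {
    size_t n = 0;
    for (size_t i = 0; FIXED_ENV[i]; i++) {
        if (n + 1 >= cap) return -1;
        out[n++] = FIXED_ENV[i];
    }
    for (size_t p = 0; PASS_THROUGH[p]; p++) {
        size_t klen = strlen(PASS_THROUGH[p]);
        for (size_t i = 0; inherited && inherited[i]; i++) {
            const char *e = inherited[i];
            if (strncmp(e, PASS_THROUGH[p], klen) != 0 || e[klen] != '=') continue;
            if (safe_value(e + klen + 1)) {
                if (n + 1 >= cap) return -1;
                out[n++] = e;
            }
            break; /* first occurrence decides; later duplicates are ignored */
        }
    }
    out[n] = NULL;
    return (int)n;
}

/* Run helper (absolute path only) with the clean environment; -1 on any failure. */
int run_helper_clean(const char *path, char *const argv[], char *const inherited[]) {
    const char *env[8];
    if (!path || path[0] != '/' || build_clean_env(inherited, env, 8) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve(path, argv, (char *const *)env); /* never execvp: no PATH search */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed hostile environment, as a local user might export it. */
    char *hostile[] = { "DYLD_INSERT_LIBRARIES=/tmp/x.dylib", "PATH=/tmp/evil:/usr/bin",
                        "TERM=xterm-256color", "LANG=../../etc/passwd", NULL };
    char *args[] = { "env", NULL };
    return run_helper_clean("/usr/bin/env", args, hostile); /* env(1) sees the clean set */
}
```

The allowlist approach drops every variable that is not explicitly named, so loader and interpreter variables never reach the helper without having to be enumerated.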

To: 1234; 6SJ7; Abundy; Action-America; af_vet_rr; afnamvet; akatel; Alexander Rubin; Amadeo; ...
Security update time... This update is for OS X.3.9 and OS X.4.9... Warning: the X.3.9 update is almost 140 MB in size and those on dial up can take a week's vacation (or at least a couple of days) while it downloads. The OS X.4.9 updates are only about 10 MB in size.

Also, if you are an owner of Aperture, there is an update for that as well... 129 MB in size.

PING!

If you want on or off the Mac Ping List, Freepmail me.

2 posted on 04/19/2007 6:21:56 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE)

To: Swordmaker

10.4.9 update took about a minute and required a restart. Only time I’ve ever restarted this pig.

Thanks for the heads-up. One of my pet peeves was XP phoning home every time I turned the damned thing on.


3 posted on 04/19/2007 6:34:29 PM PDT by IslandJeff (There will be Democrats in heaven, except they'll be too busy organizing the staff)

To: Swordmaker
Thanks. So no Leopard till Oct?????
4 posted on 04/19/2007 6:34:56 PM PDT by cmsgop ( "cmsgop" a Mark Goodson / Bill Todman Production)

To: Swordmaker

10.3 = 37.7 Mb, about 2 mins.


5 posted on 04/19/2007 6:39:44 PM PDT by blu (All grammar and punctuation rules are *OFF* for the "24" thread.)

To: Swordmaker

oops... make that “. . . almost 40MB. . . “ not 140...


6 posted on 04/19/2007 6:42:39 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE)

To: blu
10.3 = 37.7 Mb, about 2 mins.

not on a dial up...

I wish my DSL were that fast.

7 posted on 04/19/2007 6:44:36 PM PDT by Swordmaker (Remember, the proper pronunciation of IE is "AAAAIIIIIEEEEEEE)

To: Swordmaker
Just got home from a Chamber of Commerce mixer and it was waiting for me. It (3.9) took several minutes on Suddenlink cable. Their email server is always having problems and it must affect the other servers?
8 posted on 04/19/2007 7:10:23 PM PDT by tubebender (Worry gives small problems big shadows)

later


9 posted on 04/19/2007 7:12:42 PM PDT by secretagent

To: Swordmaker

Thanks a bunch.

Got it downloaded, restarting next.


10 posted on 04/19/2007 8:19:37 PM PDT by Sundog (envision whirled peas.)

To: Swordmaker

First Mac thread in a while which didn’t have a visit from one of the [characterization omitted]s who give FR a bad name. It’s very nice!


11 posted on 04/19/2007 10:04:02 PM PDT by SunkenCiv (I last updated my profile on Monday, April 18, 2007. https://secure.freerepublic.com/donate/)

To: cmsgop

That’s the way it looks unfortunately.


12 posted on 04/20/2007 3:58:19 AM PDT by spower
